Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Google Android Security Update Patches 40 Vulnerabilities

Google on Tuesday published the Android Security Bulletin for September 2021 with patches for a total of 40 vulnerabilities, including seven that are rated critical.

Google on Tuesday published the Android Security Bulletin for September 2021 with patches for a total of 40 vulnerabilities, including seven that are rated critical.

A total of 16 issues were patched with the first part of this month’s security updates – the 2021-09-01 security patch level – including one critical issue in the Framework component. Tracked as CVE-2021-0687, the security bug affects Android 8.1, 9, 10, and 11.

“The most severe of these issues is a critical security vulnerability in the Framework component that could enable a remote attacker using a specially crafted file to cause a permanent denial of service,” according to Google’s advisory.

Six other vulnerabilities were patched in the Framework component, all considered high-severity. These include five elevation of privilege flaws and one information disclosure vulnerability.

Google also released patches for two high severity information disclosure issues in Media framework, and seven vulnerabilities in the System component: six high severity (two elevation of privilege and four information disclosure bugs) and one medium severity (elevation of privilege).

[ READ: Microsoft Office Zero-Day Hit in Targeted Attacks ]

This month’s Android patches also include a Google Play system update to address the CVE-2021-0690 vulnerability.

The second part of September 2021’s set of patches arrives on devices as the 2021-09-05 security patch level and includes fixes for a total of 23 vulnerabilities in Kernel components, MediaTek components, Unisoc components, Qualcomm components, and Qualcomm closed-source components.

Seven of these security holes, all of them addressed in Qualcomm closed-source components, are rated critical.

Google also announced patches Pixel devices address a total of nine other vulnerabilities, in Kernel, Pixel components, Qualcomm components, and Qualcomm closed-source components.

Pixel devices running a security patch level of 2021-09-05 or later have been patched for all of these issues, as well as for the vulnerabilities in the September 2021 Android Security Bulletin.

Related: Google Patches High-Risk Android Security Flaws

Related: Google Details New Privacy and Security Policies for Android Apps

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.